On Mo, 2015-10-12 at 13:25 +0200, Christophe Fergeau wrote: > Before commit b1ea7b79e1, it was possible to start with -spice > disable-ticketing, and then use the "set_password spice" command to > enable ticketing with SPICE. Since commit b1ea7b79e1 this is no longer > possible as qemu_spice_set_ticket() will return an error unless the > 'auth' type is "spice". When ticketing is disabled, 'auth' is "none" so > the attempt to set password fails.
Huh? And this actually worked? i.e. spice_server_set_ticket() has an effect after spice_server_set_noauth() was called? > This change of behaviour caused a bug in oVirt > https://gerrit.ovirt.org/#/c/44842/ Hmm, I'd say fix this in ovirt then [1]. If you want run with spice authentication, then say so when starting qemu. Switching authentication methods as side-effect of setting the password is asking for trouble. We had that with vnc. We finally got rid of it a while ago. I don't feel like opening that can of worms again. Also it encourages bad security practice. If you turn on password auth as side effect of setting the password there is a window where one can access the virtual machine without a password, which probably is not what you want. If there is an actual use case where switching authentication methods at runtime is needed we can discuss that. But we'll be doing that as explicit monitor command, not as side-effect of something else. cheers, Gerd [1] You have to do that anyway. We had three qemu releases (2.1 to 2.3) with that behavior ...
